On Wed, Aug 2, 2017 at 5:21 AM, LGuerra <[email protected]> wrote:
> Hi guys,
>
> I think that my server isn't collecting/analyzing all agent messages. A few
> days ago I turned off a huge log source and OSSEC started showing a lot more
> events from the other sources. My guess is that lots of messages are being
> lost due to OSSEC's inability to correlate them all.
>
> Is there a maximum throughput and/or threshold set for OSSEC?
> How can I check the amount of messages being collected and/or verify if
> there is in fact message loss?
>

If you turn on the logall option on the server, you can compare the
logs OSSEC sees to what you expect it to see.
You can also look for dropped packets or network errors.

> Thanks in advance,
>
> Regards.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
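
One way to do the comparison suggested in the reply, as an added example that is not part of the original message and not OSSEC's own code: tally what the server archived per agent and source file, then diff that against line counts taken on the agents for the same time window. The archives.log line layout, the agent names and the expected counts below are assumptions and constructed sample data.

```python
import re
from collections import Counter

# Assumed layout of archives.log lines written when logall is enabled
# (assumed default path: /var/ossec/logs/archives/archives.log):
#   YYYY Mon DD HH:MM:SS (agent) ip->/path/to/log original message
#   YYYY Mon DD HH:MM:SS host->/path/to/log original message   (server-local)
LINE = re.compile(
    r"^\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2} "
    r"(?:\((?P<agent>[^)]+)\) \S+?|(?P<host>\S+?))->(?P<src>\S+) (?P<msg>.*)$"
)

def count_archived(lines):
    """Tally archived events per (agent, source file); count unparsed lines too."""
    seen, unparsed = Counter(), 0
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if m:
            seen[(m["agent"] or m["host"], m["src"])] += 1
        else:
            unparsed += 1
    return seen, unparsed

def find_loss(seen, expected):
    """Return {(agent, src): (expected, seen, missing)} for sources that came up short."""
    return {k: (n, seen.get(k, 0), n - seen.get(k, 0))
            for k, n in expected.items() if seen.get(k, 0) < n}

# Constructed sample: four archived lines from two agents and the server itself.
SAMPLE = [
    "2017 Aug 02 05:21:00 (web01) 10.0.0.5->/var/log/auth.log Aug  2 05:21:00 web01 sshd[811]: Accepted publickey for deploy",
    "2017 Aug 02 05:21:01 (web01) 10.0.0.5->/var/log/auth.log Aug  2 05:21:01 web01 sshd[811]: session opened",
    "2017 Aug 02 05:21:02 (db01) 10.0.0.6->/var/log/messages Aug  2 05:21:02 db01 kernel: eth0 link up",
    "2017 Aug 02 05:21:03 ossec-server->/var/log/messages Aug  2 05:21:03 ossec-server cron[99]: job started",
]
# Constructed expectation: lines each agent wrote in the same window,
# e.g. counted on the agent itself for that source file.
EXPECTED = {("web01", "/var/log/auth.log"): 2, ("db01", "/var/log/messages"): 5}

if __name__ == "__main__":
    seen, unparsed = count_archived(SAMPLE)
    for (agent, src), (want, got, missing) in find_loss(seen, EXPECTED).items():
        print(f"{agent} {src}: expected {want}, archived {got}, missing {missing}")
    print(f"unparsed lines: {unparsed}")
```

A shortfall that grows with overall event volume points at drops between agent and server rather than at a single misconfigured source.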
